04 April 2011

Zero Day by Mark Russinovich

The book Zero Day is an instant computer security classic. Unlike The Cuckoo's Egg (which I also recommend), Zero Day is a fictional story, but no less plausible for it.

It's very fun to read, with a captivating plot. I kept flipping to the back cover to make sure I remembered correctly that the author is a computer security expert who wrote Sysinternals, a hardcore system administration tool for Windows -- he may well have been a professional novelist.

Its target audience is not limited to computer professionals, but computer geeks should really enjoy it. When it gets technical, the author does a great job of explaining the terms, and the technical parts are extremely accurate. I'm quite familiar with the technology, though, so I'm probably biased -- others might find it too technical for their taste.

The threat of attacks against big Western companies isn't imaginary -- RSA and Google among many others have been the targets of attacks just like the ones described in the book. When the purpose of the attack becomes destruction, the story is certainly more interesting.

31 March 2011

Estimating web malware infections

Many reports on web malware infections tend to use Google queries to estimate the impact of the infection. The latest example comes from Websense.

I don't recommend using Google's "About ... results" count to estimate the number of infected URLs. Clicking through the search results, the estimate changes dramatically: what starts as "About 533,000 results" at some point drops to "Page 38 of 374 results".



These result pages change very fast, so you might hit the "end" of your results on a different page than I did. This number is not accurate either -- search result pages typically limit the number of URLs they return per site.

That's one reason I'd be cautious of this method. The other reason is perhaps more fundamental. A search engine does not index HTML tags, only the text between them. So a query for '<script src="http://lizamoon.com/ur.php"' does not necessarily yield pages infected with that script -- mostly it yields pages where the infection was unsuccessful and the tag appears as HTML-escaped text. The blog post from Websense actually illustrates this:


This is not a script include -- it's text, and in this case harmless. Some of the infections might actually have worked: as the first image shows, 2 of the results are marked as "may harm your computer" by Google.
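To make the distinction concrete, here is an added example (not code from the original post) that parses a fetched page and reports whether the injected tag is a live script include or merely shows up as escaped text. The sample pages are constructed; the script URL is the one quoted above. A commented-out tag is also treated as text, since the browser never executes it.

```python
"""Distinguish a live <script src=...> include from an escaped mention of it.

Added example: a search engine indexes the text between tags, not the tags
themselves, so a query for the script tag mostly finds pages where the injected
tag ended up as escaped text. Parsing the markup tells the two cases apart.
The sample pages below are constructed for this example.
"""
from html.parser import HTMLParser


class ScriptAudit(HTMLParser):
    """Collect src attributes of real <script> elements, plus all text nodes
    and comments (places where an escaped or neutralised tag can only be read,
    never executed)."""

    def __init__(self):
        super().__init__()  # convert_charrefs=True: &lt;...&gt; arrives as plain text
        self.script_srcs = []
        self.text_chunks = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.script_srcs.append(value.strip())

    def handle_data(self, data):
        self.text_chunks.append(data)

    def handle_comment(self, data):
        # A tag inside <!-- --> is inert; record it as text, not as a live include.
        self.text_chunks.append(data)


def classify_script_reference(html, script_url):
    """Return 'live' if the page really loads script_url via <script src>,
    'text' if the URL only appears in visible/escaped text or a comment,
    and 'absent' if it does not appear at all."""
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    if any(src == script_url for src in parser.script_srcs):
        return "live"
    if script_url in "".join(parser.text_chunks):
        return "text"
    return "absent"


# Constructed sample pages (not real crawl data).
INJECTED_URL = "http://lizamoon.com/ur.php"

LIVE_PAGE = (
    '<html><body><p>hello</p>'
    '<script src="http://lizamoon.com/ur.php"></script>'
    '</body></html>'
)
# The injection landed inside an HTML-escaped comment field: harmless.
ESCAPED_PAGE = (
    '<html><body><p>User comment: '
    '&lt;script src=&quot;http://lizamoon.com/ur.php&quot;&gt;&lt;/script&gt;'
    '</p></body></html>'
)
# The tag was commented out by a template: also never executed.
COMMENTED_PAGE = (
    '<html><body><!-- <script src="http://lizamoon.com/ur.php"></script> -->'
    '<p>nothing to see</p></body></html>'
)
CLEAN_PAGE = '<html><body><p>nothing here</p></body></html>'


def audit_samples():
    """Classify every constructed sample; returns a dict name -> verdict."""
    return {
        "live": classify_script_reference(LIVE_PAGE, INJECTED_URL),
        "escaped": classify_script_reference(ESCAPED_PAGE, INJECTED_URL),
        "commented": classify_script_reference(COMMENTED_PAGE, INJECTED_URL),
        "clean": classify_script_reference(CLEAN_PAGE, INJECTED_URL),
    }


if __name__ == "__main__":
    for name, verdict in audit_samples().items():
        print(f"{name:>9}: {verdict}")
```

Only pages that come back as "live" are candidates for an infection count; a text-only hit is exactly the kind of result that inflates a search-engine estimate without being a working injection.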

Google offers a different way to estimate infections, the Safe Browsing Diagnostic page. For this site, at the time I fetched the page, it reported that 5 sites were infected. That's not to claim that the diagnostic page is the most accurate estimate out there, but I work on the team and I trust it :).

24 December 2010

Seismos: A seismograph app for Android

My brother wasn't very fond of the existing seismograph apps for Android, so I made one according to his requirements (namely, one that shows all 3 axes at the same time).

The development was surprisingly easy -- I'll publish the source code soon. It was very straightforward and done within essentially 1 day.

It's probably a bit buggy and slow (at least on the Nexus S). I've tested it on a G1, a Nexus One, a T-Mobile MyTouch 3G Slide, and a Nexus S. I'll address the speed issue in the future. To give it a try, you can download it from the Android Market (search for "Seismos").

19 December 2009

3G and GPRS for Cyta/Cytamobile and Android

I gave my dad my old Android phone (T-Mobile G1). After a lot of searching we managed to get it to work with Cyta's 3G network. First we called Cyta on 132 and asked for a data plan. For €9/month you get 200MB, which is probably decent. They also have more plans for more bandwidth. The next day we called again and confirmed our account was ready. They told us that we had to set up the phone as well. They gave us some instructions for the HTC Touch, which is a WinMo phone, and they almost worked: we could connect to websites, but only via their proxy and only via HTTP. HTTPS and native phone apps (Talk, Gmail, etc.) did not work.

For reference, the instructions that you should NOT follow are the following:

  • APN: cytamobile, proxy, port 8080 -- these don't work

Here are the instructions that do work:

  • APN: internet. Nothing else. Enjoy!

01 January 2002

IOA Compiler (2002)